package org.springframework.security.rsa.crypto;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.apache.tomcat.util.net.jsse.PEMFile;
import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import org.bouncycastle.asn1.pkcs.RSAPublicKey;
import org.springframework.util.Base64Utils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-rsa-1.0.11.RELEASE.jar:org/springframework/security/rsa/crypto/RsaKeyHelper.class */
class RsaKeyHelper {
    private static final String BEGIN = "-----BEGIN";
    private static Charset UTF8 = Charset.forName("UTF-8");
    private static final Pattern PEM_DATA = Pattern.compile("-----BEGIN (.*)-----(.*)-----END (.*)-----", 32);
    private static final byte[] PREFIX = {0, 0, 0, 7, 115, 115, 104, 45, 114, 115, 97};
    private static final Pattern SSH_PUB_KEY = Pattern.compile("ssh-(rsa|dsa) ([A-Za-z0-9/+]+=*) (.*)");

    RsaKeyHelper() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyPair parseKeyPair(String str) {
        PublicKey generatePublic;
        Matcher matcher = PEM_DATA.matcher(str.trim());
        if (!matcher.matches()) {
            try {
                return new KeyPair(extractPublicKey(str), null);
            } catch (Exception e) {
                throw new IllegalArgumentException("String is not PEM encoded data, nor a public key encoded for ssh");
            }
        }
        String group = matcher.group(1);
        byte[] base64Decode = base64Decode(matcher.group(2));
        PrivateKey privateKey = null;
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            if (group.equals(PEMFile.Part.RSA_PRIVATE_KEY)) {
                ASN1Sequence aSN1Sequence = ASN1Sequence.getInstance(base64Decode);
                if (aSN1Sequence.size() != 9) {
                    throw new IllegalArgumentException("Invalid RSA Private Key ASN1 sequence.");
                }
                RSAPrivateKey rSAPrivateKey = RSAPrivateKey.getInstance(aSN1Sequence);
                RSAPublicKeySpec rSAPublicKeySpec = new RSAPublicKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent());
                RSAPrivateCrtKeySpec rSAPrivateCrtKeySpec = new RSAPrivateCrtKeySpec(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent(), rSAPrivateKey.getPrivateExponent(), rSAPrivateKey.getPrime1(), rSAPrivateKey.getPrime2(), rSAPrivateKey.getExponent1(), rSAPrivateKey.getExponent2(), rSAPrivateKey.getCoefficient());
                generatePublic = keyFactory.generatePublic(rSAPublicKeySpec);
                privateKey = keyFactory.generatePrivate(rSAPrivateCrtKeySpec);
            } else if (group.equals("PUBLIC KEY")) {
                generatePublic = keyFactory.generatePublic(new X509EncodedKeySpec(base64Decode));
            } else {
                if (!group.equals("RSA PUBLIC KEY")) {
                    throw new IllegalArgumentException(group + " is not a supported format");
                }
                RSAPublicKey rSAPublicKey = RSAPublicKey.getInstance(ASN1Sequence.getInstance(base64Decode));
                generatePublic = keyFactory.generatePublic(new RSAPublicKeySpec(rSAPublicKey.getModulus(), rSAPublicKey.getPublicExponent()));
            }
            return new KeyPair(generatePublic, privateKey);
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException(e2);
        } catch (InvalidKeySpecException e3) {
            throw new RuntimeException(e3);
        }
    }

    private static byte[] base64Decode(String str) {
        try {
            ByteBuffer encode = UTF8.newEncoder().encode(CharBuffer.wrap(str));
            byte[] bArr = new byte[encode.limit()];
            System.arraycopy(encode.array(), 0, bArr, 0, encode.limit());
            return Base64Utils.decode(bArr);
        } catch (CharacterCodingException e) {
            throw new RuntimeException(e);
        }
    }

    static String base64Encode(byte[] bArr) {
        try {
            return UTF8.newDecoder().decode(ByteBuffer.wrap(Base64Utils.encode(bArr))).toString();
        } catch (CharacterCodingException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyPair generateKeyPair() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(1024);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    private static java.security.interfaces.RSAPublicKey extractPublicKey(String str) {
        Matcher matcher = SSH_PUB_KEY.matcher(str);
        if (!matcher.matches()) {
            if (str.startsWith(BEGIN)) {
                return null;
            }
            return parseSSHPublicKey(str);
        }
        String group = matcher.group(1);
        String group2 = matcher.group(2);
        if ("rsa".equalsIgnoreCase(group)) {
            return parseSSHPublicKey(group2);
        }
        throw new IllegalArgumentException("Only RSA is currently supported, but algorithm was " + group);
    }

    static java.security.interfaces.RSAPublicKey parsePublicKey(String str) {
        java.security.interfaces.RSAPublicKey extractPublicKey = extractPublicKey(str);
        if (extractPublicKey != null) {
            return extractPublicKey;
        }
        KeyPair parseKeyPair = parseKeyPair(str);
        if (parseKeyPair.getPublic() == null) {
            throw new IllegalArgumentException("Key data does not contain a public key");
        }
        return (java.security.interfaces.RSAPublicKey) parseKeyPair.getPublic();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static String encodePublicKey(java.security.interfaces.RSAPublicKey rSAPublicKey, String str) {
        StringWriter stringWriter = new StringWriter();
        stringWriter.append((CharSequence) "ssh-rsa ");
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            byteArrayOutputStream.write(PREFIX);
            writeBigInteger(byteArrayOutputStream, rSAPublicKey.getPublicExponent());
            writeBigInteger(byteArrayOutputStream, rSAPublicKey.getModulus());
            stringWriter.append((CharSequence) base64Encode(byteArrayOutputStream.toByteArray()));
            stringWriter.append((CharSequence) (" " + str));
            return stringWriter.toString();
        } catch (IOException e) {
            throw new IllegalStateException("Cannot encode key", e);
        }
    }

    private static java.security.interfaces.RSAPublicKey parseSSHPublicKey(String str) {
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(base64Decode(str));
        byte[] bArr = new byte[11];
        try {
            if (byteArrayInputStream.read(bArr) != 11 || !Arrays.equals(PREFIX, bArr)) {
                throw new IllegalArgumentException("SSH key prefix not found");
            }
            return createPublicKey(new BigInteger(readBigInteger(byteArrayInputStream)), new BigInteger(readBigInteger(byteArrayInputStream)));
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    static java.security.interfaces.RSAPublicKey createPublicKey(BigInteger bigInteger, BigInteger bigInteger2) {
        try {
            return (java.security.interfaces.RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new RSAPublicKeySpec(bigInteger, bigInteger2));
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    private static void writeBigInteger(ByteArrayOutputStream byteArrayOutputStream, BigInteger bigInteger) throws IOException {
        int length = bigInteger.toByteArray().length;
        byteArrayOutputStream.write(new byte[]{(byte) ((length >> 24) & 255), (byte) ((length >> 16) & 255), (byte) ((length >> 8) & 255), (byte) (length & 255)});
        byteArrayOutputStream.write(bigInteger.toByteArray());
    }

    private static byte[] readBigInteger(ByteArrayInputStream byteArrayInputStream) throws IOException {
        byte[] bArr = new byte[4];
        if (byteArrayInputStream.read(bArr) != 4) {
            throw new IOException("Expected length data as 4 bytes");
        }
        int i = ((bArr[0] & 255) << 24) | ((bArr[1] & 255) << 16) | ((bArr[2] & 255) << 8) | (bArr[3] & 255);
        byte[] bArr2 = new byte[i];
        if (byteArrayInputStream.read(bArr2) != i) {
            throw new IOException("Expected " + i + " key bytes");
        }
        return bArr2;
    }
}
